Stronger Together: Attack Surface Management and Security Validation
By Mike Talon, Director, Cybersecurity Architect, Cymulate
The digital threat landscape is becoming more dangerous with each passing year as cyberattacks increase in both frequency and severity. The average is now $4.45 million in the United States, and attackers continue to find success leveraging known techniques like social engineering, ransomware, and others. Despite this, a worrying number of businesses continue to display blind trust in their security controls, failing to validate whether those solutions are functioning effectively.
Now more than ever, a “set it and forget it” approach to security solutions is a failing game. Today’s cyber threats are becoming more complex and sophisticated, adapting to the evolving strategies and capabilities of network defenders. It is essential for defenders to have clear visibility across their environments, as well as the ability to test their security solutions to ensure they are performing as intended. As a result, Attack Surface Management (ASM) and Security Validation solutions have emerged as critical, complementary tools capable of helping organizations identify potential exposures and gauge how much of a risk they pose.
The Symbiotic Nature of ASM and Security Validation
The emergence of Continuous Threat Exposure Management (CTEM) practices has helped organizations recognize the crucial role testing plays in keeping their systems secure. CTEM refers to the ongoing processes of identifying potential exposures, testing how vulnerable they are to actual attack tactics, and prioritizing their remediation. It is designed to prompt organizations to evaluate their security capabilities on a continuous basis. ASM and Security Validation tools play an important, symbiotic role here: ASM is used to generate a comprehensive view of the organization’s attack surface by creating a blueprint of potential vulnerabilities and exposures and verifying; while Security Validation takes that blueprint and puts it to the test by actively seeking out those exposures to test breach feasibility and control efficacy.
The goal isn’t just to assess where vulnerabilities lie—it’s to understand which can be successfully exploited and leave the organization vulnerable to attack. ASM can highlight attack paths, but only validation can reveal whether adversaries can capitalize on them. For example, ASM may indicate a gap in coverage for one security solution, revealing what looks like a dangerous attack path. But when tested, Security Validation may reveal what appeared to be an exposure is actually protected by compensating controls. This confirms that there is no actual path of attack for a threat actor to successfully leverage and exploit that vulnerability. In that case, remediating that coverage gap may not be a high priority, and the organization can focus on addressing other exposures that are not as well protected and leave them vulnerable to attack.
Now Is the Time to Invest in ASM and Security Validation
Growing recognition of the need to verify the effectiveness of security controls has driven significant innovation in the areas of ASM and Security Validation. Today’s most advanced ASM solutions can provide businesses with visibility across their entire organization—including both on-premises and in the Cloud. With businesses increasingly adopting Cloud and multi-Cloud environments (and attackers frequently targeting them), it is important for ASM and Security Validation solutions to cover major public Cloud providers. Similarly, attacks on containers are continuing to rise, and businesses need to be able to secure their Kubernetes environments and validate the efficacy of the controls that protect them.
Fortunately, as ASM and Security Validation vendors continue to innovate, those capabilities are readily available to today’s businesses. It’s also important to note that this increased capability around Cloud platforms does not remove the need for Security Validation and ASM across on-premises infrastructure. Instead, advanced solutions take into account the various on-prem and hybrid configurations and evaluate possible exposures both individually, and as a unified architecture.
Given the pressures to have visibility across cloud and on-premises environments, it is not surprising that ASM and Security Validation were hot topics at this year’s Black Hat conference—and new technologies like those showcased at the event will become essential for modern businesses. Solutions like the Cymulate platform build on traditional Security Validation features to include Cloud and Kubernetes attack simulation scenarios and templates, allowing businesses to conduct breach feasibility assessment and gauge business risk from on-prem systems to the Cloud and back. As time goes on and innovation in this area continues, these offerings will only become more robust. Many businesses are already budgeting for these solutions and plan to increase their spend in 2024, highlighting the increasing demand for ASM and Security Validation. Organizations who fail to prioritize those capabilities may find themselves left behind—and dangerously exposed.
Identifying and Addressing Exposures—Wherever They Lie
Today’s businesses need to know whether the security solutions and protocols they have invested in are working as intended. Not only do ASM and Security Validation tools help organizations improve their overall security posture from on-prem to the Cloud, but they also help frame security in terms of potential exposure, a native component of business analysis. Implementing these tools as a part of the broader CTEM process allows security teams to clearly illustrate where exposures exist and what level of risk they pose to the organization if left unaddressed. Thanks to advances in ASM and Security Validation, businesses don’t need to take it on faith that their security operations are keeping them protected. Instead, they can actively measure their effectiveness and take the necessary steps to remediate dangerous exposures and security gaps in real time.
About the Author
Mike Talon is a solution architect living and working in New York City. He’s assisted in disaster recovery and migration, Cloud transformation, and identity and security operations and testing for companies ranging from mom & pop retail shops to Fortune 100 global companies. Mike currently works with Cymulate helping customers find ways to live safely in interesting times. Mike can be reached online at our company website www.cymulate.com.